Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Baal_smart_forms | Baalsystems | * | 3.2 (excluding) |